(token: string)
| 61 | * Best-effort JWT claim decoding (no signature verification). |
| 62 | */ |
| 63 | export function parseJwtClaims(token: string): Record<string, unknown> | null { |
| 64 | const parts = token.split("."); |
| 65 | if (parts.length !== 3) { |
| 66 | return null; |
| 67 | } |
| 68 | |
| 69 | try { |
| 70 | const json = Buffer.from(parts[1], "base64url").toString("utf-8"); |
| 71 | const parsed = JSON.parse(json) as unknown; |
| 72 | return isPlainObject(parsed) ? parsed : null; |
| 73 | } catch { |
| 74 | return null; |
| 75 | } |
| 76 | } |
| 77 | |
| 78 | export function extractAccountIdFromClaims(claims: Record<string, unknown>): string | null { |
| 79 | // OpenCode guide extraction order: |
no test coverage detected